forked from extern/nix-config
c9bcd57404
This puts rar in a rootless container with no access to the network of the host.
56 lines
1.0 KiB
Nix
56 lines
1.0 KiB
Nix
{
|
|
containers.rar = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
|
|
bindMounts = {
|
|
"/home/user" = {
|
|
hostPath = "/home/user/containers/rar";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
|
|
config = { pkgs, lib, ... }: {
|
|
programs = {
|
|
fish.enable = true;
|
|
neovim.enable = true;
|
|
starship.enable = true;
|
|
};
|
|
|
|
users = {
|
|
defaultUserShell = pkgs.fish;
|
|
mutableUsers = false;
|
|
allowNoPasswordLogin = true;
|
|
|
|
users.user = {
|
|
isNormalUser = true;
|
|
home = "/home/user";
|
|
};
|
|
};
|
|
|
|
environment = {
|
|
shells = with pkgs; [ fish ];
|
|
|
|
variables = {
|
|
TERM = "xterm-kitty";
|
|
};
|
|
|
|
defaultPackages = [ ];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
kitty
|
|
rar
|
|
unrar
|
|
];
|
|
|
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
|
"rar"
|
|
"unrar"
|
|
];
|
|
|
|
system.stateVersion = "22.11";
|
|
};
|
|
};
|
|
}
|